Background and Scope

We are committed to protecting the privacy of the personal information we collect and receive. We comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Privacy Act).

This policy outlines how we collect, use, disclose, and manage personal information from individuals and organisations. It also details how you can request access to or correction of your personal information and how to lodge a complaint regarding a potential privacy breach. This policy does not limit our other legal obligations.

Collection of Personal Information

We collect personal information lawfully and fairly. Whenever possible, we collect information directly from you. Personal information we may hold includes your name, addresses (current and previous), telephone numbers, email addresses, details of your services, and other information required to provide our services.

Personal information stored in our database will not be used or disclosed without your authorisation, except as necessary to perform our services. Third-party access to this information requires your consent.

If you choose not to provide personal information, we may not be able to deliver the services you need to our best standards.

We may collect personal information from:

  • Information you supply directly to us
  • Conversations and communications with you and your employees
  • Third parties, including your representatives or related companies
  • Publicly available sources
  • Legal requirements
  • Our own records

When we collect your personal information, we will inform you of:

  • The purposes for which the information is collected
  • The third parties we may disclose the information to
  • Whether any third parties are overseas and their locations, if practicable
  • How to access and correct your personal information or make privacy complaints

We only collect sensitive information when necessary for our core functions or activities.

You can access our website and make general inquiries anonymously.

Website Cookies

Most browsers are set to accept cookies. You can adjust your browser to reject cookies or notify you when they are used. However, rejecting cookies may limit our website’s functionality.

Use and Disclosure of Personal Information

Your personal information may be used or disclosed to:

  • Provide products and services to you
  • Collect payments and manage your account
  • Inform you about updates or new products and services
  • Develop existing and new products and services
  • Maintain and update our business infrastructure and systems
  • Promote our products and services to you

We may disclose your personal information to third-party organisations, including:

  • Information technology service providers
  • Conference organisers
  • Marketing and communications agencies
  • Mailing houses, freight and courier services
  • Printers and distributors of direct marketing materials
  • Legal, accounting, financial, or other professional advisors
  • Regulatory, government, and other authorities as required by law
  • Our partners and sponsors to provide information about their products and services

Opting Out

By providing your contact details, you consent to receive communications and direct marketing until you advise otherwise. You can opt out at any time via:

  • Mail: 38 Melbourne Hill Rd, Warrandyte, VIC 3113
  • Email: support@thediscagency.com.au
  • Phone: 1300 690 469
  • The unsubscribe facility in our electronic messages

Unsolicited Information

If we receive unsolicited personal information that is not needed for our services or activities, we will destroy or de-identify it as soon as practicable.

Quality of Personal Information

We take reasonable steps to ensure the personal information we collect, use, or disclose is accurate, complete, and up-to-date. To assist us, please:

  • Inform us of any errors in your personal information
  • Keep us updated with any changes

Security of Personal Information

We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification, or disclosure. You can help protect your information by keeping passwords secret and logging out after transactions. If you become aware of a security breach, please contact us immediately.

We will destroy or de-identify personal information when it is no longer needed for any purpose.

We are not responsible for the privacy or security of third-party websites linked from our site.

Access to Personal Information

You can access your personal information, with some exceptions as allowed by law. To request your information, write to us, and we will provide it. We may charge a reasonable fee for this service. If we refuse your request, we will provide written reasons and the available complaint process.

TTISI Assessment Privacy FAQ

As part of delivering assessment services, our supplier TTI Success Insights Pty Ltd (TTISI ANZ) acts as a sub-processor of personal information, while TTI Success Insights (TTISI HQ) acts as the processor. TTISI HQ manages the technical platform on which assessment data is collected and stored. They are ISO 27001 certified, and their full suite of security documentation is available here: https://www.ttisi.com/iso-27001/

Below are some commonly asked questions:

1. Where is assessment data collected in Australia stored?

All personal information is stored in a secure Amazon Web Services (AWS) data centre located in Singapore.

2. Who has access to the data, and from where can it be accessed?

Access to assessment data is strictly limited:

TTISI ANZ staff have access through individual, password-protected accounts and only for legitimate support or administrative purposes.

TTISI HQ staff may access data when necessary. For example, to troubleshoot a technical issue at our request. These staff are based in North America and only access information on a need-to-know basis.

Both front-end and back-end systems are protected by strict security controls.

3. What is the level of data security at the storage site?

Data is hosted within an AWS facility. AWS is a global industry leader in secure infrastructure services. You may request detailed information about AWS security protocols directly from AWS if required.

In addition, TTI Success Insights maintains ISO 27001 certification for its Information Security Management System. The certification, Information Security Manual, and Statement of Applicability (which outlines all implemented controls) can be accessed here: https://www.ttisi.com/iso-27001/

These documents typically meet the security and compliance requirements of most companies, including our large, multinational clients.

4. How is data transferred to the storage environment, and how does this comply with the Australian Privacy Act for offshore transfer?

While TTI Success Insights does not disclose detailed transfer protocols for confidentiality reasons, the following applies:

● All communication between the user and the platform is fully encrypted end-to-end.

● The web interface uses SSL encryption over HTTPS.

● Any back-end access by TTI Success Insights occurs through SSH tunnels over an already encrypted VPN.

These measures ensure that data is securely transferred and protected during offshore processing.

5. How long is personal information retained, and how is it deleted or de-identified?

The platform provides several options for de-identifying or deleting respondent information. By default, information is retained; however, organisations may choose to set an automatic expiry date for de-identification if required.

Respondents may also request deletion of their personal data at any time via this form: https://gdpr.ttisisurvey.com/

6. If data is de-identified, can it be re-identified?

No. Once data has been de-identified, it cannot be reconstructed, and the respondent’s report cannot be regenerated. If a new report is required, the individual must pay for and complete the assessment again.

Please note: once data is deleted, the respondent cannot be included in Team Reports or Group Wheels.

7. What collection statement or privacy notice is provided to users?

Respondents are presented with an initial privacy notice before completing an assessment. The “TTI Privacy Statement” link displayed in that notice directs users to the following page: https://www.ttisisurvey.com/privacy/en_AU

Complaints

If you have a complaint about how we handle your personal information, please contact us. We aim to resolve complaints within five business days. If more time is needed, we will inform you in writing. If you are unsatisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner.

Contact Us

Address: 38 Melbourne Hill Rd, Warrandyte, VIC 3113
Email: support@thediscagency.com.au
Phone: 1300 690 469